API Hacker

Exploit broken API access controls

/start api

Total Solves

16m 53s

Avg Solve Time

First Blood Claimed

1m 22s

Record Time

// FIRST BLOOD

no.curry 🩸

cracked in 16m 18s

// TOP 10 FASTEST

#1 「 ✦ Rimuru ✦ 」 1m 22s

#2 Kael 2m 16s

#3 Zyn 2m 38s

#4 harpy 2m 38s

#5 F03ever 2m 55s

#6 privalman 3m 30s

#7 ＮＹＯ 4m 14s

#8 iamunknown77 4m 22s

#9 User 4099 4m 57s

#10 Rocostre 5m 13s

// RELATED · Intermediate TIER

Command Injection

WEB+SSH Chain OS commands through a web interface

★★☆☆☆

Database Bypass

WEB+SSH Bypass authentication with SQL injection

★★☆☆☆

Malicious Upload

WEB+SSH Upload a web shell past file filters

★★☆☆☆

XML Attack

WEB Read server files through XML entity injection

★★☆☆☆

Path Traversal

WEB+SSH Traverse directories to read sensitive files

★★☆☆☆

Script Kiddie

WEB+SSH Inject JavaScript to steal credentials

★★☆☆☆

Spawn this box.
Capture the flag.

Join the Discord and type /start api to spin up your own container.

join discord → sign in with discord

API Hacker

// FIRST BLOOD

// TOP 10 FASTEST

// RELATED · Intermediate TIER

Spawn this box.Capture the flag.

Spawn this box.
Capture the flag.